How to integrate Exivity with OneLogin
- In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over Applications in the navigation bar, and click on Applications:
- Click on the Add App button:
- In the list of applications, search for "saml" and click on the item SAML Test Connector (IdP w/ attr w/ sign response):
- Choose a descriptive name for your application and click the Save button:
- Click the Configuration tab:
- Refer to the endpoints section in the Single Sign On article for how to obtain the endpoint values. Fill in these fields:
Field | Value |
---|---|
Audience | Entity ID / Metadata URL endpoint |
Recipient | Assertion Consumer Service endpoint |
ACS (Consumer) URL Validator | .* (or specify a custom RegEx) |
ACS (Consumer) URL | Assertion Consumer Service endpoint |
Single Logout URL | Single Logout Service endpoint |
Caution: You need to add the OneLogin domain for your organisation to the CORS whitelist as well.
- Now, we have to copy and paste some values from our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:
- In a separate browser tab, open the Exivity SAML settings (see SAML configuration) and copy over the following settings:
Exivity configuration value | OneLogin field |
---|---|
Entity ID | Issuer URL |
SSO URL | SAML 2.0 Endpoint (HTTP) |
SLO URL | SLO Endpoint (HTTP) |
- Now, let's set up the OneLogin certificate in Exivity. Under the label X.509 Certificate, click the View Details link. Copy the X.509 Certificate and paste it in the X-509 certificate field in the Exivity settings.
- As the last step, copy and paste this JSON object in the Advanced settings in the Exivity settings:
```json
{
  "security": {
    "wantXMLValidation": false
  }
}
```
- Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to Administration, Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to an option including SAML2 Authentication:
- OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this:
- Clicking the Login button takes you to the OneLogin login screen. Exivity will receive the user's e-mail address and create a new user in the configured user group (see configuration) if no existing user is found.
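The ACS (Consumer) URL Validator field in the Configuration step accepts either `.*` or a custom RegEx. The Python sketch below is an added example, not part of the Exivity or OneLogin documentation: it builds an anchored pattern for a single ACS endpoint and reports which lookalike URLs a candidate pattern would let through. The URL `https://exivity.example.com/PLACEHOLDER/acs` is a constructed placeholder, the function names are hypothetical, and modelling the validator as an unanchored regex search is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder: use the Assertion Consumer Service endpoint of your own instance.
ACS_URL = "https://exivity.example.com/PLACEHOLDER/acs"


def build_acs_validator(acs_url):
    """Return an anchored regex that matches exactly one HTTPS ACS URL."""
    parts = urlsplit(acs_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("ACS URL must be an absolute https:// URL")
    if parts.query or parts.fragment or parts.username or parts.password:
        raise ValueError("ACS URL must not carry credentials, a query or a fragment")
    # re.escape makes '.' and other metacharacters literal; ^ and $ pin both ends.
    return "^" + re.escape(acs_url) + "$"


def lookalikes(acs_url):
    """Constructed URLs that differ from the real ACS URL and should be refused."""
    host = urlsplit(acs_url).hostname
    return [
        acs_url.replace("https://", "http://", 1),            # cleartext scheme
        acs_url.replace(host, host + ".other.invalid", 1),    # real host used as a prefix
        acs_url.replace(host, host.replace(".", "x", 1), 1),  # '.' read as a wildcard
        "https://other.invalid/?next=" + acs_url,             # real URL embedded in another
        acs_url + "/extra",                                   # trailing path appended
    ]


def wrongly_accepted(pattern, acs_url):
    """URLs other than acs_url that the validator pattern lets through."""
    # search() models a validator that does not anchor implicitly (assumption).
    rx = re.compile(pattern)
    return [u for u in lookalikes(acs_url) if rx.search(u)]


if __name__ == "__main__":
    for pattern in (".*", ACS_URL, build_acs_validator(ACS_URL)):
        bad = wrongly_accepted(pattern, ACS_URL)
        print(f"{pattern}: accepts {len(bad)} of {len(lookalikes(ACS_URL))} lookalikes")
```

The value returned by `build_acs_validator` for your own endpoint is the candidate for the validator field. Escaping rules can differ between regex engines, so confirm in OneLogin that the real ACS URL still passes.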